The prevalence of high-profile cyber-attacks is on the increase. In the last two weeks alone we have witnessed the exposure of 412 million accounts from the FriendFinder network, 20,000 Tesco Bank customers losing money in the UK, and Three Mobile losing personal data from 133,000 customers. Not only are these attacks becoming more frequent, they are also increasing in severity, with the Tesco incident seen as the worst banking security failure to date by some commentators.
The trouble is the talent pool is empty. Security staff have always been hard to find, and currently there is a drastic shortage of cyber security professionals across the globe. As I discussed in my recent PoV, "Is HR the Missing Link in Your Cyber Security Strategy?", in the U.S. alone there are 209,000 unfilled cyber security jobs.
So, with all this in mind, why are cyber security professionals so hard to find? What skills, qualifications or characteristics distinguish them?
Well, according to IT compliance provider IT Governance and the U.S. News and World Report, individuals looking to establish a career in cyber security should begin with a degree in computer science, programming or engineering. This should then be followed up with industry-standard security qualifications offered by Microsoft, Cisco, and HP. For those wishing to become true specialists, an industry-recognized qualification specifically within security should be sought. Examples include the Certified Ethical Hacker (CEH) or GIAC Certified Penetration Tester (GPEN) certificates. This is a lengthy and hard path to follow, giving rise to the reality that candidates with these qualifications are scarce.
So, we have started to see organizations looking to tap into new sources for security talent. The UK public sector is leading this charge: instead of looking for qualified individuals, it is focusing on recruiting candidates with the correct behavioral and cognitive capabilities who can then be trained on the job.
The UK’s National Cyber Security Program is looking to hire 50 candidates who have the ability to excel in cyber security. The program, whilst being open to all individuals, will primarily target soldiers, doctors and nurses, whose attention to detail and ability to think under pressure would allow them to excel in cyber security.
Apart from being a healthcare professional or one of Her Majesty’s finest, what specific traits do cyber security hopefuls need? Well, according to recruiting specialist DHi Group, individuals need the following characteristics:
- Ability to work methodically and be very detail oriented
- Eagerness to dig into technical questions and examine them from all sides
- Enthusiastic and highly adaptable
- Strong analytical and diagnostic skills
- Demonstrated skills in innovation and collaboration
- Keeping a current understanding of vulnerabilities from the Internet
- Maintaining awareness and knowledge of contemporary standards, practices, procedures and methods
- Ability to get the job done
The Bottom Line
The solution to the cyber security shortage is not rocket science. Companies must start thinking ahead and training the future professionals. Put the money you spend on the sky-high salaries of seasoned professionals into a mix of junior staff and a decent training program. The scarcity is fueled by the lack of junior and mid-level positions. Get the characteristics, not the qualification, and train on the job! Is this groundbreaking? Absolutely not, but what this approach does do is help to redress the supply/demand crisis for this critical business issue.